32CO PRIVACY NOTICE
‍

📮Our contact details

Email: Tim.Haines@32Co.com

Address: 32Co, G03 Brickfields Business Centre, 37 Cremer Street, London, E2 8HD

❓ What is this notice all about?

We want to be completely transparent about how we collect and use your personal data and this privacy notice exists to tell you exactly how we do this.

This notice applies wherever we decide why and how we process personal data (and therefore act as a Data Controller under data protection law). It covers the personal data we process when you use our services.

Our privacy notice tells you the journey of your personal data from the moment it enters our systems up until it's time for us to say "goodbye 👋, as well as the various stops it makes along the way.

👇 The different ways we process personal data

‍

When our dentists use our platform 

3. 🗂️ What personal data do we collect, why do we collect it, and what legal basis do we rely on?

💡 Personal data is anything that can identify an individual, either on its own or through combining it with other factors that could eventually identify an individual.

‍When you first join our platform as a dentist, we'll need some information about you, such as your name, date of birth, previous treatments performed, education details, General Dental Council (GDC) and any other information you may wish to add to your profile and we rely on our contractual obligation under Article 6(1)(b) of the GDPR for this processing.

When you get in touch with us through the platform, we may collect information about shipment, tracking and any other concerns and we rely on Article 6(1)(f) of the GDPR - Legitimate Interests when doing so.

While you use our platform, we may collect data for analytics and reporting purposes. This data will be anonymised and it can contain practice names, number of cases, activities. We require this process in order to improve our product and we rely on Article 6(1)(f) of the GDPR - Legitimate Interests for this processing.

🗺️ Where do we store it?

Our platform is hosted on AWS servers based in the EU. To find out more about AWS, you can visit their privacy notice here. Platform related data will also be hosted on Fauna DB which is a document-relational database. You can find out more about them here.

In order to send push notifications to your phone, we will use Firebase Cloud Messaging, which is part of Google. You can find out more about them, here.

Data pulled from Firebase is then sent to Hubspot, our CRM system. You can find out more about them, here.

⏲️ How long do we keep it for?

We keep the personal data mentioned for the duration of your account with us and for 6 years after you left us, in line with the statutory retention periods for contractual claims.

‍

When patients use our platform

🗂️ What personal data do we collect, why do we collect it, and what legal basis do we rely on?

💡 Personal data is anything that can identify an individual, either on its own or through combining it with other factors that could eventually identify an individual.

Patients can add data on our platform such as name, contact details, phone number, intraoral and extraoral photos, 3D images, diagnostic questionnaire and any concerns the patient may have. Dentists may also upload this data on behalf of the patient. We rely on our contractual obligation under Article 6(1)(b) of the GDPR for this processing.

This data is then shared with specialist orthodontists and designers, who create a treatment plan/simulation based on it. It is then sent to our manufacturers to create the product. This processing is conducted under the contractual obligation under Article 6(1)(b) of the GDPR.

In order to deliver your product - either to you or to your dentist, we need to process your home address or your clinic’s address and rely on our contractual obligation under Article 6(1)(b) of the GDPR for this processing.

🗺️ Where do we store it?

Our platform is hosted on AWS servers based in the EU. To find out more about AWS, you can visit their privacy notice here. Platform related data will also be hosted on Fauna DB which is a document-relational database. You can find out more about them here.

When shipping the product back to the dentists we use couriers such as Royal Mail, DHL or others. This can be sent directly to dentists or clinics or directly to customers.

⏲️ How long do we keep it for?

We keep the personal data on our platform for the duration of your account with us and for 6 years after you left us, in line with the statutory retention periods for contractual claims.

The data shared with our couriers is removed after 3 months

‍

When you apply for a job with us

🗂️ What personal data do we collect, why do we collect it, and what legal basis do we rely on?

 💡 Personal data is anything that can identify an individual, either on its own or through combining it with other factors that could eventually identify an individual.

‍When you apply for a job with us, we need some information about you in order to manage your recruitment processes, such as your name, CV, email address, phone number, and interview notes. The legal basis we rely on for this is Article 6(1)(f) of the GDPR - Legitimate Interests.,

🗺️ Where do we store it?

The information we will collect during the recruitment stage will be stored in Google Drive on servers located in the European Union. You can find out more about how Google processes data, here.

⏲️ How long do we keep it for?

If you are offered a job with us, we will retain your data during your employment and remove it in line with our obligations under the law. Otherwise, we will keep your data during your interview process and remove it after 6 months.

‍

When you join 32Co as an employee

🗂️ What personal data do we collect, why do we collect it, and what legal basis do we rely on?

 💡 Personal data is anything that can identify an individual, either on its own or through combining it with other factors that could eventually identify an individual.

Before your employment, we require employment references in order to verify your qualifications and we rely on Article 6(1)(f) of the GDPR - Legitimate Interest for this processing.

During your employment with us, we'll process information about you in order to manage your employment. The information we collect is your name, phone number, email address, job title, signature, home address, ID, passport copies, Visa details and employment contracts. The legal basis we rely on for this is Article 6(1)(b) of the GDPR - Contractual Obligation.

During your employment with us, we may need to process data about your health and sickness in order to be able to accommodate your requirements and we rely on Article 6(1)(f) of the GDPR - Legitimate Interests and Article 9 (2)(b) of the GDPR - Employment, Social Security and Social Protection and paragraph 1 (1) - Part 1 of Schedule 1 of the Data Protection Act 2018.

During your employment with us, in order to provide your remuneration we require information about your salaries, bank account details, insurance and tax information and we rely on Article 6(1)(b) of the GDPR - Contractual Obligation and Article (6(1)(c) of the GDPR - Legal Obligation, when collecting these.

🗺️ Where do we store it?

Information about your employment will be stored in Google Drive, on servers located in the European Union. You can find out more about how Google processes data, here.

This information may also be stored in Airtable that stores data in the United States. For international data transfer to the US, Airtable relies on standard contractual clauses. You can find out more about them here.

Your contract and signature will be managed through DocuSign and you can find out more about them here.

Your financial information will also be stored on our accounting system called Xero, which processes data on servers located in the UK. You can find out more about them, here.

Your holiday requests and payment data are also processed through MyPayments App.

During your employment we will make some tools available to you, to help in your day-to-day work activities. These can be:

• Notion, which is our centralised knowledge base. You can find out more about how Notion processes data, here.
• Slack as an instant communication platform and you can find out more about them [here](https://slack.com/intl/en-gb/trust/privacy/privacy-policy#:~:text=Slack may share and disclose,applicable law and legal process.).
• OneNote for note-taking, which is part of Microsoft and you can find out more about them here.
• Loom for screen recording. You can find out more about them here.
• We may also communicate with you through Whatsapp or Telegram.

‍⏲️ How long do we keep it for?

We will retain your HR file, background checks, training records, contracts of employment, salaries information and pension scheme records for 6 years after your employment, in line with UK law and business best practice.

We will retain your income tax records for 3 years after your employment. We will retain your immigration checks and information about your working time and absence for 2 years after employment, in line with UK law.

We will retain your bank account details for the duration of your employment and remove them once you leave us.

Your access to the tools we provide will be removed after your employment with us and your data will be deleted from the systems.

‍

When you visit our website

Our website uses cookies and other similar technologies of which you should be aware.

🗂️ What cookies do we collect, why do we collect them, and what legal basis do we rely on?

 💡 Cookies are text files placed on your hard drive by a web page server when you visit a website and are saved in your browser's history. They allow the website to recognise your device and store some information about your preferences or past actions. Cookies cannot be used to run programs or deliver viruses to your computer; they are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie.

When you use our website, the cookies can be stored on your device are either first party cookies, which are placed and read by us directly while you are using our website or third party cookies, which are set by other third parties we have partnered with.

Below is a list of the cookies we use and the purposes for which they are used:

Essential cookies

💡 These are essential to the operation of our website and are integral to the functioning of our Website, therefore they cannot be removed.

These cookies are set by Finsweet Cookie Consent, and they manage your consent to non-essential cookies. This allows us to ensure you only receive cookies that you consent to and that consent can be withdrawn at any time. This processing takes place exclusively on your computer. You can find more information here.

Non-essential cookies

 💡 These cookies are additional to the the performance of our Website and help us improve the service we provide to you.

Analytical cookies

These are third party cookies that enable us to monitor and analyse how visitors use our website and generate statistics based on them.

These cookies are set by Google Analytics and Hotjar. Google Analytics is a web analysis service provided by Google which uses the Data collected to track and examine the use of our Website. Hotjar is a web traffic tracking service which uses data collected to understand how users behave on the website.

Place of processing: Google: United States - Privacy Policy Hotjar: European Union - Privacy Policy

You can choose not to store Non-essential cookies on your computer when you visit our website, or you can adjust your browser settings to prevent cookies from being saved on your computer. You can find information about how to manage Cookies in the most commonly used browsers at the following addresses:

• Google Chrome
• Mozilla Firefox
• Apple Safari
• Microsoft Internet Explorer
• Microsoft Edge
• Brave
• Opera

‍

What are your rights?

Your personal data is yours and you have rights in relation to it granted by the UK GDPR, which include:

📮 The right to be informed

You have the right to be informed about the collection and use of your personal data, the purposes for processing, retention periods for that personal data and who it will be shared with. We have set this information out in this privacy notice.

🗝️ The right of access

You have the right to ask us for copies of the data we hold about you. If you ask us, we’ll confirm whether we’re processing your personal information and, if so, provide you with a copy of that personal information (along with certain other details).

⛔ The right to object

You have the right to ask us to stop processing your personal information in some circumstances, such as when we are relying on our own (or someone else’s) legitimate interests to process your personal information, when we are processing your personal information for direct marketing or when we are processing your personal information for research.

📝 The right to rectification

You have the right to ask us to rectify the personal information you think is inaccurate or to complete information you think is incomplete. When you ask us to rectify your information, if we’ve shared your personal information with others, we’ll let them know about the rectification where possible.

🧽 The right to erasure

You have the right to ask us to erase your personal information, in some circumstances, such as where we no longer need it or you withdraw your consent (where applicable).

🚫 The right to restrict processing

You have the right to ask us to restrict the processing of your personal information for a period of time in some circumstances, such as where you contest the accuracy of that personal information or object to us processing it. This right is separate from the right to object and will only stop us from using your personal information further, not from processing it. If we’ve shared your personal information with others, we’ll let them know about the restriction where possible.‍

✈️ The right to data portability

You have the right to ask that we transfer the personal information you gave us to another organisation, or to someone else, in some circumstances.

You don't have to pay anything in order to exercise your rights. Please contact us by sending an email to Tim.Haines@32Co.com if you wish to make a request under your rights; we have a calendar month to get back to you with a response.

‍

💔 How you can complain

If you have any concerns about our use of your personal information, please let us know by:

💡 Emailing us at Tim.Haines@32Co.com , or

💡 Writing to us at 32Co, G03 Brickfields Business Centre, 37 Cremer Street, London, E2 8HD

If you are not satisfied with our response or you are unhappy with how we have used your data, you can complain to the Information Commissioner's Office (ICO). You can find the ICO contact details below:

💡 ICO Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, Helpline number: 0303 123 1113.

💡 ICO Website: https://www.ico.org.uk